Management of Information Security 4th Edition – Test Bank

  • ISBN-10: 1285062299
  • ISBN-13: 978-1285062297

Chapter 07 – Security Management Practices


1. Using a practice called benchmarking, you are able to develop an acceptable use policy based on the typical practices of the industry in which you are working.

ANS: F PTS: 1 REF: 248

2. A company deemed to be using ‘best security practices’ establishes high-quality security in every area of its security program.

ANS: F PTS: 1 REF: 249

3. One question you should ask when choosing among recommended practices is “Can your organization afford to implement the recommended practice?”

ANS: T PTS: 1 REF: 253

4. The first phase in the NIST performance measurement process is to identify and document InfoSec performance goals and objectives.

ANS: F PTS: 1 REF: 259

5. Attaining certification in security management is a long and difficult process, but once attained, an organization remains certified for the life of the organization.

ANS: F PTS: 1 REF: 274


1. Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?
a. benchmarking
b. best practices
c. baselining
d. due diligence

ANS: A PTS: 1 REF: 248

2. Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
a. criminal proceedings
b. legal liability
c. chapter 11 filings
d. certification revocation

ANS: B PTS: 1 REF: 249

3. Which of the following is NOT a consideration when selecting recommended best practices?
a. threat environment is similar
b. resource expenditures are practical
c. organization structure is similar
d. product or service is the same

ANS: D PTS: 1 REF: 252-253
